ATM hacker behind $1 billion malware heists arrested in Spain

In a joint operation, Europol along with the law enforcement authorities from Belarus, Romania, Taiwan, Spanish Police, and the Federal Bureau of Investigation (FBI) have arrested an ATM hacker who happened to be the mastermind behind the large-scale cyber attacks against hundreds of banking and financial institutions around the world.

The ATM hacker, who has not been named yet, led a group of highly sophisticated cyber criminals who stole over billions of Euros ($1.2 billion) by infecting banking infrastructure with Carbanak, Cobalt and Anunak malware.

The group was identified in 2013 by Russian cybersecurity giant Kaspersky Labs, who noted that Carbanak is an APT-style (advanced persistent threat) campaign targeting (but not limited to) financial institutions in 40 different countries.

Infographic shared by Europol showing how the group worked

The group attacked banks by using phishing attacks against their employees. Once the employees' computers were infected, the malware allowed the hackers to remotely take over systems, including those controlling ATMs, which then spat out cash for the group.

According to a press release by Europol, the group used three different methods of stealing money from the targeted banks including:

1. One of the cybercriminals would physically wait outside the targeted ATM and collect the money at a pre-determined time.

2. They used the e-payment network to transfer stolen money into their own bank accounts.

3. The group also compromised banking databases containing account information, modified the existing balances and stole the original amount without raising any suspicion.

The group also laundered the money via cryptocurrencies, by means of prepaid cards linked to cryptocurrency wallets, which were used to buy goods such as luxury cars and houses, until their criminal activities came under Europol’s radar and the mastermind was arrested in Spain.

“This is the first time that the European Banking Federation (EBF) has actively cooperated with Europol on a specific investigation. It clearly goes beyond raising awareness on cybersecurity and demonstrates the value of our partnership with the cybercrime specialists at Europol. Public-private cooperation is essential when it comes to effectively fighting digital cross-border crimes like the one that we are seeing here with the Carbanak gang,” said EBF’s Chief Executive Officer Wim Mijs.

Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3), said: “This global operation is a significant success for international police cooperation against a top-level cybercriminal organization. The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity.”

“This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top-level cyber criminality.”

Waqas Amir is a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and the tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.